Edgar Weippl

Research Interests

His research focuses on applied concepts of IT-security and e-learning.

Bio

After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked in a research startup for two years. He then spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York, NY and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded the research center SBA Research together with A Min Tjoa and Markus Klemen.

Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is a member of the editorial board of Computers & Security (COSE) and he organizes the ARES conference.

Katharina Krombholz and Heidelinde Hobel and Markus Huber and Edgar R. Weippl, "Social engineering attacks on the knowledge worker," in Proceedings of the 6th International Conference on Security of Information and Networks, 2013, pp. 28-35.

2012

Katharina Krombholz and Dieter Merkl and Edgar R. Weippl, "Fake Identities in Social Media: A Case Study on the Sustainability of the Facebook Business Model," Journal of Service Science Research, 2012.

Amin Anjomshoaa and Khue Vo Sao and Amirreza Tahamtan and A Min Tjoa and Edgar R. Weippl, "Self-Monitoring in Social Networks," Special issue for the International Journal of Intelligent Information and Database Systems (IJIIDS), 2010.

Amirreza Tahamtan and Amin Anjomshoaa and Edgar R. Weippl and A Min Tjoa, "A SOM-Based Technique for a User-Centric Content Extraction and Classification of Web 2.0 with a Special Consideration of Security Aspects," in Proc. of 4th International Conference on Knowledge Science, Engineering & Management (KSEM’10), 2010.

A Min Tjoa and Edgar R. Weippl and Farman Ali Khan and Sabine Graf, "An Approach for Identifying Affective States through Behavioral Patterns in Web-based Learning Management System," in Proceedings of the 11th International Conference on Information Integration and Web Based Applications and Services (iiWAS2009), 2009.

@INPROCEEDINGS{Khan_Identifying_and_Incorporating__2010,
Author = {{A Min} Tjoa and {Edgar R.} Weippl and Farman Ali Khan and Sabine Graf},
title = {An Approach for Identifying Affective States through Behavioral Patterns in Web-based Learning Management System},
booktitle = {Proceedings of the 11th International Conference on Information Integration and Web Based Applications and Services (iiWAS2009)},
year = {2009},
month = {12},
abstract = {Learning styles and affective states influence students' learning. The purpose of this study is to develop a conceptual framework for identifying and integrating learning styles and affective states of a learner into web-based learning management systems and therefore provide learners with adaptive courses and additional individualized pedagogical guidance that is tailored to their learning styles and affective states. The study was carried out in three phases, the first of which was the investigation and determination of learning styles and affective states which are important for learning. Phase two consisted of the development of an approach for the identification of learning styles and affective states as well as the development of a mechanism to calculate them from the students' learning interactions within web-based learning management systems. The third phase was to develop a learning strategy that is more personalized and adaptive in nature and tailored to learners' needs and current situation through considering learners' learning styles and affective states, aiming to lead to better learning outcomes and progress.},
pdf = {p431-khan.pdf},
acm = {351733},
}

@INPROCEEDINGS{Fenz_SemanticPotentialof_2008,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart},
title = {Semantic Potential of existing Security Advisory Standards},
booktitle = {Proceedings of the FIRST2008 Conference},
year = {2008},
month = {1},
abstract = {New discoveries made on a nearly daily basis and the constantly growing amount of vulnerabilities in software products have led to the distribution of great numbers of vendor dependent vulnerability information over various channels such as mailing lists and RSS (Really Simple Syndication) feeds. However, the format of these messages presents a major problem as it lacks standardized, semantic information, resulting in very time-intensive, expensive, and error-prone processing due to the necessary human involvement. Recent developments in the field of IT security have increased the need for a sound semantic security advisory standard that allows for automatic processing of relevant security advisories in a more precise and timely manner. This would reduce pressure on organizations trying to keep their complex infrastructures secure and up-to-date by complying with standards, such as Basel II and local legislations. This paper conducts an evaluation of existing security advisory standards to identify usable semantic standards, which enable the automated processing of security advisories to ensure faster reaction times and precise response to new threats and vulnerabilities. In this way IT management can concentrate on solutions rather than on filtering messages.},
pdf = {2008 - Fenz - Semantic Potential of Existing Security Advisory Standards.pdf},
}

Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart, "Fortification of IT security by automatic security advisory processing," in Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, AINA2008, 2008, pp. 575-582.

@INPROCEEDINGS{Fenz_FortificationofIT_2008,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart},
title = {Fortification of IT security by automatic security advisory processing},
booktitle = {Proceedings of the 22nd International Conference on Advanced Information Networking and Applications, AINA2008},
year = {2008},
month = {3},
abstract = {The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security level. Especially organizations which are hosting and processing highly sensitive data are obligated to establish a holistic company-wide security approach. We propose a novel security concept to reduce this complexity by automatic assessment of security advisories. A central entity collects vulnerability information from various sources, converts it into a standardized and machine-readable format and distributes it to its subscribers. The subscribers are then able to automatically map the vulnerability information to the ontological stored infrastructure data to visualize newly-discovered software vulnerabilities. The automatic analysis of vulnerabilities decreases response times and permits precise response to new threats and vulnerabilities, thus decreasing the administration complexity and increasing the IT security level.},
pages = {575-582},
publisher = {IEEE Computer Society},
}

@ARTICLE{Ekelhart_XMLSecurity_2008,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch and Markus Steinkellner},
title = {XML Security - A comparative literature review},
journal = {Journal of Systems and Software},
year = {2008},
month = {1},
abstract = {Since the turn of the millennium, Working Groups of the W3C have been concentrating on the development of XML based security standards, which are paraphrased as XML Security. XML Security consists of three recommendations: XML (Digital) Signature, XML Encryption and XML Key Management Specification (XKMS), all of them published by the W3C. By means of a review of the available literature the authors draw several conclusions about the status quo of XML Security. Furthermore the current state and focuses of research as well as the existing challenges are derived. Trends to different application areas - e.g. use of XML Security for Mobile Computing - are also outlined. Based on this information the analyzed results are discussed and a future outlook is predicted.},
volume = {81},
pages = {1715-1724},
note = {ISSN: 0164-1212},
}

2007

A Min Tjoa and Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart, "Security Issues for the Use of Semantic Web in e-Commerce," in Business Information Systems, 10th International Conference on Business Information Systems, BIS 2007, 2007, pp. 1-13.

Stefan Fenz and Edgar R. Weippl and Andreas Ekelhart and Thomas Neubauer, "Formal threat descriptions for enhancing governmental risk assessment," in Proceedings of the First International Conference on Theory and Practice of Electronic Governance, 2007, pp. 40-43.

@INPROCEEDINGS{Ekelhart_Formalthreatdescriptions_2007,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Thomas Neubauer},
title = {Formal threat descriptions for enhancing governmental risk assessment},
booktitle = {Proceedings of the First International Conference on Theory and Practice of Electronic Governance},
year = {2007},
month = {1},
abstract = {Compared to the last decades, we have recently seen more and more governmental applications which are provided via the Internet directly to the citizens. Due to the long history of IT systems in the governmental sector and the connection of these legacy systems to newer technologies, most governmental institutions are faced with a heterogeneous IT environment. More and more governmental duties and responsibilities rely solely on IT systems which have to be highly dependable to ensure the proper operation of these governmental services. An increasing amount of software vulnerabilities and the generally heightened physical threat level due to terror attacks and natural disasters demand for a holistic IT security approach which captures, manages, and secures the entire governmental IT infrastructure. Our contribution is (1) a novel inventory solution, (2) a mechanism to embed the virtual IT infrastructure data into a physical model provided by our security ontology, and (3) a methodology to automatically identify threatened assets and to reason on the current security status based on formal threat definitions taking software configurations and physical locations into account. A prototypical implementation of the aforementioned concepts shows how these concepts help governmental institutions to secure their IT infrastructure in a holistic and systematic way to fortify their IT systems in an appropriate way against current and future threats.},
pdf = {2007 - Ekelhart - Formal Threat Descriptions for Enhancing Governmental Risk Assessment.pdf},
volume = {232},
pages = {40-43},
publisher = {ACM},
note = {978-1-59593-822-0},
acm = {933612},
}

@INPROCEEDINGS{Ekelhart_OntologicalMappingof_2007,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Gernot Goluch},
title = {Ontological Mapping of Common Criteria's Security Assurance Requirements},
booktitle = {New Approaches for Security, Privacy and Trust in Complex Environments, Proceedings of the IFIP TC 11 22nd International Information Security Conference, IFIPSEC2007, May 14-16},
year = {2007},
month = {5},
abstract = {The Common Criteria (CC) for Information Technology Security Evaluation provides comprehensive guidelines for the evaluation and certification of IT security regarding data security and data privacy. Due to the very complex and time-consuming certification process a lot of companies abstain from a CC certification. We created the CC Ontology tool, which is based on an ontological representation of the CC catalog, to support the evaluator at the certification process. Tasks such as the planning of an evaluation process, the review of relevant documents or the creating of reports are supported by the CC Ontology tool. With the development of this tool we reduce the time and costs needed to complete a certification.},
volume = {232_2007},
pages = {85-95},
publisher = {International Federation for Information Processing},
note = {978-0-387-72366-2},
}

@INPROCEEDINGS{Abramowicz_Securityaspectsin_2007,
Author = {{A Min} Tjoa and Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart and Witold Abramowicz and Dominik Zyskowski and Monika Kaczmarek},
title = {Security aspects in Semantic Web Services Filtering},
booktitle = {Proceedings of the 9th @WAS International Conference on Information Integration and Web-based Applications \& Services (iiWAS2007)},
year = {2007},
month = {1},
abstract = {Security and trust aspects, perceived as difficult to quantify, have been neglected in various service interactions. However, factors related to security and trust are in fact crucial in the overall value of service quality. A security ontology that enables a quantification of risks related to the usage of Semantic Web services in enterprise information systems was created to meet users' requirements and enhance Semantic Web services with machine processable security information. This article presents how this security ontology can be integrated into the Web service description and how it enhances the process of Web services filtering.},
pdf = {2007 - Abramowicz - Security Aspects in Semantic Web Services Filtering.pdf},
volume = {229},
pages = {21-31},
publisher = {Austrian Computer Society},
}

@INPROCEEDINGS{Weippl_SecurityOntologiesHow_2007,
Author = {Stefan Fenz and {Edgar R.} Weippl and Andreas Ekelhart},
title = {Security Ontologies: How to Improve Understanding of Complex Relationships},
booktitle = {Proceedings of the World Conference on Educational Multimedia, Hypermedia and Telecommunications 2007},
year = {2007},
month = {6},
abstract = {It is commonly accepted that simulation can provide a valuable tool in improving learning. Building on a complex knowledge base of IT security related concepts we offer our students a simulation to experience how different safeguards can influence the outcome of security incidents. The goal is to teach students that countermeasures have to be cost-effective, that is, the cost of installing and operating safeguards should not exceed the anticipated benefit.},
pdf = {2007 - Weippl - Security Ontologies How to Improve Understanding of Complex Relationships.pdf},
pages = {404-407},
publisher = {AACE},
}

@INPROCEEDINGS{Weippl_SemanticStorageReport_2005,
Author = {{Edgar R.} Weippl and Markus Klemen and Manfred Linnert and Stefan Fenz and Gernot Goluch and {A Min} Tjoa},
title = {Semantic Storage: A Report on Performance and Flexibility},
booktitle = {Database and Expert Systems Applications, 16th International Conference, DEXA 2005},
year = {2005},
month = {8},
abstract = {Desktop search tools are becoming more popular. They have to deal with increasing amounts of locally stored data. Another approach is to analyze the semantic relationship between collected data in order to preprocess the data semantically. The goal is to allow searches based on relationships between various objects instead of focusing on the name of objects. We introduce a database architecture based on an existing software prototype, which is capable of meeting the various demands for a semantic information manager. We describe the use of an association table which stores the relationships between events. It enables adding or removing data items easily without the need for schema modifications. Existing optimization techniques of RDBMS can still be used.},
pdf = {2005-Weippl.pdf},
volume = {3588_2005},
pages = {586-595},
publisher = {Springer Berlin Heidelberg},
}

Edgar R. Weippl, "On the Use of Test Centers in E-Assessment," published in elearningreports.com, 2005.

A Min Tjoa and Stefan Fenz and Edgar R. Weippl and Markus Klemen and Andreas Ekelhart, "The Semantic Desktop: A Semantic Personal Information Management System based on RDF and Topic Maps," in Proceedings of the ODBIS Workshop, 31st International Conference on Very Large Data Bases (VLDB) 2005, 2005, pp. 135-151.

1900

@INPROCEEDINGS{Kaugers_Recent_developments_in_model_d_2010,
Author = {{Edgar R.} Weippl and Viesturs Kaugers},
title = {Recent developments in model-driven architecture and security},
booktitle = {NA},
year = {1900},
month = {0},
abstract = {Security is definitely one of the most important aspects in business information systems. This aspect is strongly related to costs, risks and reputation of an organization. Currently, an innovative way to develop software is offered by model-driven architecture. This architecture uses models and transformations to generate executable code. Along with model-driven architecture there is one more approach based on the mentioned methodology for developing secure systems. It's called model-driven security. It uses the same principles as model-driven security but also introduces new ones like special languages for modeling security requirements, frameworks for building secure systems and means to define security policies. This paper describes the current situation, presents an overview of topical and perspective model-driven architecture and security developments and gives conclusions on the subject.},
note = {Unpublished yet},
}